# $OpenBSD: phpMyAdmin-httpd.conf,v 1.2 2013/01/18 15:17:43 giovanni Exp $

Alias /phpMyAdmin ${INSTDIR}

<IfModule !mod_rewrite.c>
	LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so

	RewriteEngine on

	# Allow only GET and POST verbs
	RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]

	# Ban Typical Vulnerability Scanners and others
	# Kick out Script Kiddies
	RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).* [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]

	# Ban Search Engines, Crawlers to your administrative panel
	# No reasons to access from bots
	# Ultimately Better than the useless robots.txt
	# Did google respect robots.txt?
	# Try google: intitle:phpMyAdmin intext:"Welcome to phpMyAdmin *.*.*" intext:"Log in" -wiki -forum -forums -questions intext:"Cookies must be enabled"
	RewriteCond %{HTTP_USER_AGENT} ^.*(AdsBot-Google|ia_archiver|Scooter|Ask.Jeeves|Baiduspider|Exabot|FAST.Enterprise.Crawler|FAST-WebCrawler|www\.neomo\.de|Gigabot|Mediapartners-Google|Google.Desktop|Feedfetcher-Google|Googlebot|heise-IT-Markt-Crawler|heritrix|ibm.com\cs/crawler|ICCrawler|ichiro|MJ12bot|MetagerBot|msnbot-NewsBlogs|msnbot|msnbot-media|NG-Search|lucene.apache.org|NutchCVS|OmniExplorer_Bot|online.link.validator|psbot0|Seekbot|Sensis.Web.Crawler|SEO.search.Crawler|Seoma.\[SEO.Crawler\]|SEOsearch|Snappy|www.urltrends.com|www.tkl.iis.u-tokyo.ac.jp/~crawler|SynooBot|crawleradmin.t-info@telekom.de|TurnitinBot|voyager|W3.SiteSearch.Crawler|W3C-checklink|W3C_Validator|www.WISEnutbot.com|yacybot|Yahoo-MMCrawler|Yahoo\!.DE.Slurp|Yahoo\!.Slurp|YahooSeeker).* [NC]
	RewriteRule .* - [F]
</IfModule>

<Directory ${INSTDIR}>
	AllowOverride All

	# Default to only permitting access from localhost.
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
</Directory>
